Closed Bug 1394878 Opened 8 years ago Closed 8 years ago

Crash in vLinearTransform_8to16Q12_vec

Categories

(Core :: Widget: Cocoa, defect)

Product:
Core
Component:
Widget: Cocoa
Platform:
Unspecified
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1395708
Tracking Flags:
Tracking Status
firefox57 --- affected

People

(Reporter: marcia, Unassigned)

References

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-b6870fda-3ee6-41aa-8587-47afc0170828. ============================================================= Mac specific 10.11 crash that seems to have some stylo source affected: http://bit.ly/2wf85In. Started with 20170827100428. 8 installs/8 crashes. Please retarget if it is not stylo specific.
I looked at this a bit and discussed with spohl. What's happening here is that the parallel stylo traversal is calling into OSX widget code. This initially had me worried that somehow calling into this API OMT was a problem, but spohl said colorUsingColorSpaceName should be thread-safe. And even if it weren't, we mutex all calls into OS widget code, so it would only be a problem if the platform API were using TLS, which is even less likely. I've looked at the callsites, and it seems that whatever the style code is passing to NativeGetColor, only known constant values will be passed to the system API: http://searchfox.org/mozilla-central/rev/cd82cacec2cf734768827ff85ba2dba90a534c5e/widget/cocoa/nsLookAndFeel.mm#65 According to spohl, the most likely reason for a crash like this would be the SDK mismatches we're dealing with in bug 1324892. Moving to the cocoa component for now. Marcia, please let us know if the crash rises to worrisome levels.
Component: CSS Parsing and Computation → Widget: Cocoa
Depends on: 1324892
Summary: stylo: Crash in vLinearTransform_8to16Q12_vec → Crash in vLinearTransform_8to16Q12_vec
Adding another 10.11 signature I spotted today in crash stats - 12 crashes/8 installs.
Crash Signature: [@ vLinearTransform_8to16Q12_vec] → [@ vLinearTransform_8to16Q12_vec] [@ vRotate_90_Planar_UInt8]
See Also: → 1395708
fbertsch said on Slack that he hits this crash signature very frequently when searching Amazon.com on OS X 10.11. I can't reproduce on macOS 10.12. Example URL: https://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Daps&field-keywords=test&rh=i%3Aaps%2Ck%3Atest
(In reply to Chris Peterson [:cpeterson] from comment #3) > fbertsch said on Slack that he hits this crash signature very frequently > when searching Amazon.com on OS X 10.11. I can't reproduce on macOS 10.12. > > Example URL: > https://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Daps&field- > keywords=test&rh=i%3Aaps%2Ck%3Atest Note that the current theory is that this is related to stack overflow. Need ted to perform the analysis requested in bug 1394878 comment 4 to confirm that theory and answer a few questions before moving forward.
Depends on: 1395708
No longer depends on: 1324892
Looks like the crashes stopped when the code for bug 1395708 landed.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.